Merge pull request #4623 from sbwalker/dev
fix external login
sbwalker authored Sep 17, 2024
2 parents 6f5da1c + b0669a3 commit 013bbc1
Showing 2 changed files with 14 additions and 13 deletions.
Expand Up @@ -20,6 +20,7 @@
using System.Net;
using System.Text.Json.Nodes;
using System.Globalization;
using System.Collections.Generic;

namespace Oqtane.Extensions
{
Expand Down Expand Up @@ -365,7 +366,6 @@ private static async Task<ClaimsIdentity> ValidateUser(string id, string name, s
{
user = _users.GetUser(identityuser.UserName);
user.SiteId = alias.SiteId;
user.SecurityStamp = identityuser.SecurityStamp;
}
else
{
Expand Down Expand Up @@ -431,17 +431,14 @@ private static async Task<ClaimsIdentity> ValidateUser(string id, string name, s
var result = await _identityUserManager.CreateAsync(identityuser, password);
if (result.Succeeded)
{
identityuser = await _identityUserManager.FindByNameAsync(username);

user = new User
{
SiteId = alias.SiteId,
Username = username,
DisplayName = displayname,
Email = emailaddress,
LastLoginOn = null,
LastIPAddress = "",
SecurityStamp = identityuser.SecurityStamp
LastIPAddress = ""
};
user = _users.AddUser(user);

Expand Down Expand Up @@ -531,20 +528,17 @@ private static async Task<ClaimsIdentity> ValidateUser(string id, string name, s
// manage user
if (user != null)
{
// create claims identity
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
var userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
identity = UserSecurity.CreateClaimsIdentity(alias, user, userRoles);
identity.Label = ExternalLoginStatus.Success;

// update user
user.LastLoginOn = DateTime.UtcNow;
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
_users.UpdateUser(user);

// external roles
// manage roles
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
var userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:RoleClaimType", "")))
{
// external roles
if (claimsPrincipal.Claims.Any(item => item.Type == httpContext.GetSiteSettings().GetValue("ExternalLogin:RoleClaimType", "")))
{
var _roles = httpContext.RequestServices.GetRequiredService<IRoleRepository>();
Expand Down Expand Up @@ -590,13 +584,20 @@ private static async Task<ClaimsIdentity> ValidateUser(string id, string name, s
}
}
}
userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
}
else
{
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The Role Claim {ClaimType} Does Not Exist. Please Use The Review Claims Feature To View The Claims Returned By Your Provider.", httpContext.GetSiteSettings().GetValue("ExternalLogin:RoleClaimType", ""));
}
}

// create claims identity
identityuser = await _identityUserManager.FindByEmailAsync(user.Username);
user.SecurityStamp = identityuser.SecurityStamp;
identity = UserSecurity.CreateClaimsIdentity(alias, user, userRoles);
identity.Label = ExternalLoginStatus.Success;

// user profile claims
if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "")))
{
Expand Down
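Review bot: The identity lookup that now feeds the security stamp into the claims identity, `identityuser = await _identityUserManager.FindByEmailAsync(user.Username);`, passes a username to an email-keyed query, whereas the line removed in the earlier hunk used `FindByNameAsync(username)`. The User built two hunks up carries separate `Username = username` and `Email = emailaddress` values, so unless every external user's username happens to be its email address the lookup returns null and the next line, `user.SecurityStamp = identityuser.SecurityStamp;`, throws a NullReferenceException and the login fails for that user. Suggest `identityuser = await _identityUserManager.FindByNameAsync(user.Username);` followed by a null check that logs through `_logger` and skips creating the claims identity rather than dereferencing, since the stamp placed into the identity here is what PrincipalValidator later compares against the stored value. ValidateUser begins and ends outside this hunk.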
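--- a/Oqtane.Server/Security/PrincipalValidator.cs
+++ b/Oqtane.Server/Security/PrincipalValidator.cs
@@ -32,7 +32,7 @@ public static Task ValidateAsync(CookieValidatePrincipalContext context)
 var user = userManager.GetUser(context.Principal.UserId(), alias.SiteId); // cached
 
 // check if user is valid, not deleted, has roles, and security stamp has not changed
-if (user != null && !user.IsDeleted && user.Roles.Any() && context.Principal.SecurityStamp() == user.SecurityStamp)
+if (user != null && !user.IsDeleted && !string.IsNullOrEmpty(user.Roles) && context.Principal.SecurityStamp() == user.SecurityStamp)
 {
 // validate sitekey in case user has changed sites in installation
 if (context.Principal.SiteKey() != alias.SiteKey || !context.Principal.Roles().Any())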
